authordonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2007-03-19 13:04:29 +0000
committerdonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2007-03-19 13:04:29 +0000
commite08e3e006e1482c91ed76b24291f47f872f913ff (patch)
treeeb2ddf9b5b8eb5a46e412ded50090a1ef54143ee /wp-comments-post.php
parent98190363e52787ef578afddbdd8d927ab703b286 (diff)
WP Merge to rev 5061
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@920 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-comments-post.php')
-rw-r--r--wp-comments-post.php12
1 files changed, 9 insertions, 3 deletions
diff --git a/wp-comments-post.php b/wp-comments-post.php
index 26b476b..5988fd5 100644
--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -25,14 +25,20 @@ $comment_content = trim($_POST['comment']);
// If the user is logged in
$user = wp_get_current_user();
-if ( $user->ID ) :
+if ( $user->ID ) {
$comment_author = $wpdb->escape($user->display_name);
$comment_author_email = $wpdb->escape($user->user_email);
$comment_author_url = $wpdb->escape($user->user_url);
-else :
+ if ( current_user_can('unfiltered_html') ) {
+ if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
+ kses_remove_filters(); // start with a clean slate
+ kses_init_filters(); // set up the filters
+ }
+ }
+} else {
if ( get_option('comment_registration') )
wp_die( __('Sorry, you must be logged in to post a comment.') );
-endif;
+}
$comment_type = '';
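Review bot: The added check `wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment']` compares the nonce loosely against a request field that may be absent. With `!=`, PHP of this era compares two numeric-looking strings as numbers rather than byte for byte, and a missing field raises an undefined-index notice (the result still falls through to the filtered path, so it fails safe). Prefer an explicit presence test plus the core verifier, `if ( ! isset($_POST['_wp_unfiltered_html_comment']) || ! wp_verify_nonce($_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID) ) {`, assuming `wp_verify_nonce()` is available in this tree; it also accepts the previous nonce tick, which the direct comparison does not. If the direct comparison is kept, use `!==` after the `isset()` test. The comment `// start with a clean slate` could also say why the kses filters are re-applied here, presumably so that a forged cross-site submission cannot post unfiltered HTML as a privileged user.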